[00:00.440 --> 00:02.780]  So there we are again.
[00:05.160 --> 00:07.880]  And as you can see on the screen.
[00:08.500 --> 00:12.020]  We're at DEF CON and this is the Monero village.
[00:12.520 --> 00:16.800]  And today we're talking about the intervillage badge.
[00:17.660 --> 00:19.900]  We're talking about that thing.
[00:20.960 --> 00:24.320]  Right. Oh, what happened to.
[00:24.320 --> 00:27.100]  Did you see that strange pixelation?
[00:27.480 --> 00:29.080]  Okay, sorry.
[00:29.080 --> 00:48.360]  Anyway, so my name is Michael, and I'll be your speaking guide through getting started with the badge. Today, we have one hour, and I'm missing some information, some content that I can't find, so we may have to postpone part of this until tomorrow.
[00:48.500 --> 00:54.620]  Let me show you what we're doing tomorrow, and the next day. This is Friday, the first day of DEF CON.
[00:54.620 --> 01:06.700]  And tomorrow, Saturday, Sunday, we have excellent speeches. I think Daniel Kim is coming back for another speech. I really recommend that it's really good speaker.
[01:09.340 --> 01:14.320]  And so let's check out what we have done so far.
[01:18.480 --> 01:31.280]  These are very elegant, modern slide deck system. This year DEF CON is on a retro trip. If you've looked at the fonts, colors, and theme.
[01:31.460 --> 01:36.140]  So, we're going to do some slides on paper. Is that okay with you?
[01:36.300 --> 01:37.380]  Yeah.
[01:37.820 --> 01:39.100]  Okay.
[01:39.980 --> 01:41.100]  So,
[01:43.950 --> 01:56.050]  we just finished this presentation, which was this year's badge where we talked most about construction, do it yourself, deconstruction, putting it together, assembly.
[01:57.510 --> 01:58.930]  This one is called
[02:01.710 --> 02:03.110]  Getting Started
[02:03.110 --> 02:20.580]  with the InterVillage badge, obviously. So that's what we're focusing on. There's lots of other devices I have. We'll get to that tomorrow in the office hours but things like the Monero Rising is available as well.
[02:21.100 --> 02:26.440]  And this is maybe useful just for the size comparison.
[02:26.560 --> 02:28.000]  In any case,
[02:28.000 --> 02:38.400]  I wanted to keep everything quite clear. Today is Friday, we covered the construction, I think you can review that if it's recorded.
[02:38.420 --> 02:52.040]  We're going to talk about getting started now. This is the first steps towards using the InterVillage badge in a useful, maybe even productive, hacky, fun way.
[02:52.040 --> 02:57.380]  Getting some value out of it by using it. That's what we're talking about today, the getting started.
[02:58.680 --> 03:07.500]  Tomorrow, Saturday, you can find in our schedule which is online, monerovillage.org.
[03:08.120 --> 03:14.980]  You can find that we have a badge clinic among a number of other very good presentations.
[03:16.600 --> 03:21.040]  Mine might not be too bad either, right? It's called the badge clinic.
[03:21.320 --> 03:29.600]  We're going to combine this with a new concept in Discord. We have a channel that's intended for use with office hours.
[03:29.600 --> 03:45.160]  So if we get lucky and people understand, then we'll have a bit more interaction. Hopefully we'll do some chatting at the same time as visual explanations with a document camera, close range circuit photos.
[03:45.360 --> 03:51.440]  And that will be tomorrow, Saturday, for the badge clinic, which is one hour long.
[03:52.420 --> 04:09.340]  During that badge clinic, we're going to do some impersonation, some kind of man-in-the-middle style attacks on our own devices, which is really similar to backing up our own data, right?
[04:09.340 --> 04:18.220]  If another person who doesn't have permission does these type of impersonation things to your devices and data, then it's called theft.
[04:18.220 --> 04:30.320]  But if you do it because you're backing up, what, your library card or doing things like that, well, that's just the utility of an NFC device, whatever it is, right?
[04:30.320 --> 04:37.300]  Your credit cards are NFC devices. Okay, we're not going to do financial. We're not going to copy credit cards.
[04:38.420 --> 05:00.980]  We probably will get to examine some NDEF records, which is the, it's not a file system, but it's something similar, how the data is organized piece by piece in the radio, the RFID, EEPROM, or erasable, programmable, read-only memory.
[05:00.980 --> 05:05.700]  So that's what we're going to do tomorrow. That's going to be a bit complex, a bit more advanced.
[05:05.700 --> 05:24.640]  But I do welcome you because an office hour badge clinic style presentation is for everybody. So if you're a beginner, if you're just getting started, if you have no intention of ever using, owning, having, constructing, holding a device, then maybe you're curious.
[05:24.640 --> 05:30.320]  Come by and talk about what you're interested in. On Sunday, we have a repeat.
[05:31.540 --> 05:37.000]  And maybe we'll try something like a free mic. I don't know if we can do that.
[05:37.280 --> 05:48.080]  On Discord you can, but it doesn't scale proportionately towards the tens of thousands that DEF CON is expecting. So that may work, may not.
[05:48.840 --> 05:58.460]  So this is our lineup for the different days. And right now we're doing a getting started presentation where we will take one of these badges.
[06:00.600 --> 06:09.820]  And, and we'll, we'll get familiar with it. We'll learn how to use it and see what its limits are.
[06:10.740 --> 06:12.720]  And we'll just start using it.
[06:13.660 --> 06:18.040]  So, I have some extra stuff over here as well.
[06:18.040 --> 06:26.760]  These are all NFC powered devices. They look like cards, but they're really electronics.
[06:27.280 --> 06:38.900]  I mean, I don't have to tell you that. Everyone knows that when there's this type of golden connector on a plastic card that there's really an integrated circuit of some kind, some sort inside.
[06:40.260 --> 06:52.560]  What else do I have. So this is, I maybe want to put my thumb over the, over the phone number.
[06:52.580 --> 06:54.960]  Right, it's probably too late.
[06:55.080 --> 06:57.160]  I don't really care but...
[06:57.160 --> 06:59.460]  So I'm going to keep it turned over.
[07:00.120 --> 07:01.820]  That was a faux pas.
[07:02.060 --> 07:05.190]  Anyway, so this is a YubiKey.
[07:05.190 --> 07:20.810]  And because this YubiKey has this little symbol, which if you can see, it's, it looks like a radio transmission symbol. Right. They don't all have radio transmitters inside them.
[07:20.810 --> 07:31.390]  In fact, lots of people prefer two factor authentication devices, which are unable to transmit radio, just for security purposes.
[07:31.390 --> 07:42.490]  This is the same reason someone, some prefer password wallets without Bluetooth connector connections.
[07:42.650 --> 08:00.630]  But if you want to experiment or if you're trusting of this technology of radio, then you can take a, then you can get a two factor authentication, which, which uses radio for its transmission.
[08:00.630 --> 08:17.950]  All of these different things are either using the same radio systems but not impersonate-able, or they are, and we'll get to those advanced attacks or uses, use cases and scenarios tomorrow.
[08:17.950 --> 08:24.710]  Just wanted to kind of introduce what type of devices we can work with.
[08:26.250 --> 08:35.170]  So let's go back to the badges. They're about the same size as last year's Monero Rising.
[08:36.110 --> 08:53.770]  There's a simple reason for that is that our robots, machines, and automated tools use up to 14 centimeters of width. So the two together are 14 centimeters.
[08:54.890 --> 08:57.130]  Small anecdote there.
[08:57.130 --> 09:08.570]  So we have black badges, we have green ones, we have orange ones, we have about five colors, in case you're wondering what these colors are, it's kind of difficult to see in the light.
[09:08.650 --> 09:10.910]  That's a green one, that's an orange one.
[09:11.750 --> 09:18.570]  And the first thing that we can talk about when we're getting started with these badges.
[09:19.250 --> 09:22.810]  Let me see if what my slide deck is showing me here.
[09:23.090 --> 09:24.870]  Here's some old stuff.
[09:25.830 --> 09:27.750]  We're not going to need that.
[09:29.490 --> 09:45.630]  All right, so because I failed very badly at figuring out screen casting, I'm not going to be able to use the computer which is capturing the video and multiplexing it with audio and everything else.
[09:45.630 --> 09:48.650]  I'm not going to be able to use that for the web browser.
[09:48.650 --> 09:56.270]  And for the NFC programmer, so we're going to do this here.
[09:56.910 --> 09:59.370]  Use a phone. How about that.
[10:00.030 --> 10:01.210]  Okay, so
[10:03.530 --> 10:10.450]  I'll give you a very fast demonstration since we're already 10 minutes in, of a typical use.
[10:12.490 --> 10:19.410]  So, because we go to the manual, we always read the manual first. What is that, RTFM?
[10:20.330 --> 10:31.330]  Then, people who receive a fully loaded badge they get a color manual, and the others, you get a black and white one but they look the same.
[10:32.250 --> 10:40.030]  And I think they have this section right here, where it says, participate in the DC 28 DEFCON.
[10:40.030 --> 10:45.170]  That stands for DEFCON DC 28 village network stories.
[10:45.190 --> 10:47.670]  So we have two URLs there.
[10:47.670 --> 10:51.030]  I think two is a good number to start with.
[10:51.030 --> 11:08.250]  And they're in under development so that will be difficult to use but it's your and my responsibility to make this stuff work well. It's open source, it's a distributed use case and development model.
[11:08.250 --> 11:21.950]  So, so what's not right is to expect well, I'm sure that those other hackers are more competent they'll do the job for me. Now you need to get involved, make these things better than they already are.
[11:21.950 --> 11:26.810]  But what what can help is to simply recognize these two URLs.
[11:26.810 --> 11:29.290]  And we will go there right now.
[11:29.670 --> 11:37.090]  Because I'm not an expert with the rogues village game, which is this thing here for suits game.
[11:37.590 --> 11:49.030]  We may try it if we get time but I can't explain much, I'm going to have to research that more. And on Sunday, I may as well mention that in between.
[11:49.030 --> 11:50.470]  When is it?
[11:50.470 --> 11:54.090]  Before the Sunday badge clinic.
[11:54.430 --> 11:58.870]  We have a rogues village game slash InterVillage badge
[12:02.050 --> 12:06.810]  question answer session I'm not can't remember what the name is.
[12:07.560 --> 12:26.170]  But it's, it's at noontime on Sunday, noontime UTC minus seven that's Las Vegas time. So if you're interested in this, the, this, the game that they're developing that's what you want to watch is the Sunday presentation, and I even get permission to be a guest speaker.
[12:26.630 --> 12:29.390]  So, if you want to see me again.
[12:30.030 --> 12:31.930]  You've got to come back on Sunday.
[12:32.430 --> 12:47.630]  Let's see. So we're, because, because I'm kind of helping to develop this year. I'm just going to go right to the Bob right now, B.O.B. Bush of being is the code name for that might want to remember that we may have a pop quiz.
[12:49.210 --> 12:53.270]  So the B.O.B. Do you remember what B.O.B. stands for?
[12:53.510 --> 12:55.670]  Are you going to put push rewind.
[12:56.370 --> 12:57.530]  Alright, so
[12:59.370 --> 13:12.620]  let's open this up to, instead of www we'll go to B.O.B. Can you see that okay?
[13:20.790 --> 13:22.170]  There we have that.
[13:23.850 --> 13:28.650]  Not so familiar with this because we're just developing it
[13:30.150 --> 13:31.850]  at this moment.
[13:32.150 --> 13:35.670]  So if you go to the B.O.B. which is in the manual.
[13:37.730 --> 13:39.550]  You get this page.
[13:40.350 --> 13:44.910]  And that's a good way to get started right that's the name of this presentation getting started.
[13:47.490 --> 13:59.250]  What eventually we will be able to do with this. We have this working, but it's on a staging site, which doesn't have eye candy or CSS or, you know, styles.
[13:59.410 --> 14:01.490]  So what this does.
[14:03.650 --> 14:07.930]  Let me see if I can find it. Where is it?
[14:07.970 --> 14:13.950]  There it is. So what this does is it helps you onboard your badge device.
[14:14.350 --> 14:21.430]  Okay, so there's you've got these three buttons on here, you have different IDs and different data on them.
[14:21.430 --> 14:31.290]  And depending on your, your personal preferences. You may not like red team, you may not like Monero.
[14:32.030 --> 14:39.850]  You may like the biohacking village though and IOT is the best right so you like those two villages, and you'll be able to select them.
[14:40.050 --> 14:47.830]  I'm hoping this is working later in the evening. So, you, you can see this site.
[14:47.830 --> 14:52.350]  You can see, let me see if I point in the right direction. No.
[14:52.650 --> 15:03.010]  You can see. Right, so you can see this site right now if you go to that URL, it's live.
[15:04.570 --> 15:14.270]  But you will only be able to onboard your own device, as intended, a little bit later after we get it working.
[15:16.290 --> 15:26.590]  So I, I'm not going to demonstrate that until tomorrow until we get into the advanced things tomorrow. That's one of the content parts that I will need to postpone.
[15:27.050 --> 15:34.790]  But in any case, doesn't matter because if you read this, the part that we did get right so far
[15:36.710 --> 15:43.050]  is in green, you know green is kind of the getting started all okay color.
[15:43.830 --> 15:45.930]  And it basically says,
[15:46.590 --> 15:48.810]  you can read that, can't you?
[15:49.130 --> 15:50.490]  It says that
[15:51.510 --> 15:59.110]  one of the best ways to get started to know that your badge is working to be able to use it in a productive manner
[16:00.090 --> 16:05.610]  is to use NFC tools. Right, so I'm not sure what happens if I push on that.
[16:05.750 --> 16:11.610]  Okay, so it goes to the developers website. This is wake dev or something like that.
[16:12.070 --> 16:19.370]  And this is just documentation, I believe it tells you how to install and where to find the applications.
[16:19.710 --> 16:24.010]  So you can see that one of the places the typical Google Store.
[16:24.010 --> 16:35.070]  I don't know about Amazon and these other things. It's also on the Apple iOS catalog, what is it called shop, store, whatever.
[16:36.710 --> 16:37.010]  And
[16:38.610 --> 16:44.470]  so that's how do I get back. Right, so that's NFC tools over there.
[16:45.010 --> 16:50.110]  NFC tools right so I have already installed that I'm just going to run that.
[16:50.210 --> 16:52.370]  I have the pro version.
[16:52.370 --> 16:57.170]  And it makes me feel, makes me feel like really pro.
[16:57.830 --> 16:59.870]  So that's why I got the pro version.
[17:00.110 --> 17:02.970]  And, but you can get the regular version.
[17:03.550 --> 17:11.890]  It was, to be honest, jokes aside, it was kind of an experiment, I thought, okay I'm using this thing all the time.
[17:12.010 --> 17:17.670]  And maybe there's some advanced methods and techniques in the pro version.
[17:17.670 --> 17:25.550]  And I really haven't found a big difference between the, the one that's not labeled as pro, and this one.
[17:26.290 --> 17:28.030]  Decide for yourself.
[17:28.590 --> 17:33.110]  So the quick test. I'm going to do that now.
[17:33.310 --> 17:42.430]  Do you see this screen, that it's empty? Try to memorize what's on there, it's almost empty. There's just two lines: approach an NFC tag.
[17:42.510 --> 17:45.270]  Welcome to the you know you see what's on there.
[17:45.270 --> 17:51.930]  The trouble is that every time I show that the badge device. You can't see the front of the screen.
[17:52.690 --> 17:57.330]  So that's why this is going to be a bit difficult. Let me get something to drink here.
[18:01.890 --> 18:12.090]  Okay, so, um, so it's a bit challenging you can't see the front of the screen and the front of the badge at the same time because they must be.
[18:12.170 --> 18:14.370]  They must be back to back.
[18:15.150 --> 18:29.730]  That's why the back of the badge is protective leather. Okay, if this was metal like copper traces and jagged parts you put that on your lens, then the lens would get damaged.
[18:29.730 --> 18:36.590]  Instead, it's a nice synthetic leather finished back. It's called leatherette, I think.
[18:36.750 --> 18:43.350]  So, feel free to just slide that on there, it won't do any damage, I think.
[18:44.090 --> 18:50.470]  Unless you have a crystal diamond phone or something, but that's the purpose of the leather.
[18:50.710 --> 18:55.330]  So the back of the badge must be placed on the back of your phone.
[18:56.730 --> 18:59.530]  For any of this to work at all.
[18:59.870 --> 19:00.810]  You have to have
[19:02.930 --> 19:11.130]  There's probably all kinds of personal secret data coming on the phone, oh no.
[19:11.130 --> 19:14.850]  So anyway, you may see something there.
[19:14.850 --> 19:21.870]  You may see, for example, that there is a setting called NFC.
[19:21.870 --> 19:24.570]  Oh, let me do that again.
[19:24.570 --> 19:26.430]  There is a setting.
[19:26.430 --> 19:29.070]  And it's called NFC.
[19:31.110 --> 19:34.530]  Hello camera, please focus. There.
[19:34.870 --> 19:44.830]  It's not too well focused, but in any case, you get the point. You can see that Bluetooth is there, that NFC is there, that airplane mode.
[19:44.830 --> 19:50.670]  So the NFC, that symbol, that's very, very, very important.
[19:50.670 --> 20:00.470]  In some cases, I'm not going to go through all the screens, but in some cases you can turn on Android Beam and things like that. They're related to NFC.
[20:00.470 --> 20:06.930]  What you won't find on here is a word RFID, although these are RFID standards.
[20:07.170 --> 20:10.310]  Okay, so if you're curious about that.
[20:10.690 --> 20:14.790]  Let me just remove that while all the private information is scrolling.
[20:15.670 --> 20:23.850]  Okay, so this badge must be placed on the back of this after your NFC circuit is turned on, as I showed.
[20:24.450 --> 20:34.230]  A normal device, as soon as you do that, would activate the circuit, it would turn it on. Let me show you how that works with my
[20:37.290 --> 20:41.570]  with my fabrication laboratory key.
[20:41.570 --> 20:47.090]  Okay, this is my fabrication laboratory key and I'm just holding my thumb over the private data.
[20:47.730 --> 20:47.970]  And
[20:49.410 --> 20:52.310]  I will just put this on the back.
[20:56.930 --> 21:01.730]  See that? You maybe even heard that, because it does make a sound.
[21:02.930 --> 21:08.810]  So, that's what the data on my key is.
[21:08.950 --> 21:11.230]  Maybe you'd like to have that data.
[21:13.990 --> 21:17.250]  Doesn't help much because this is just one of the two factors.
[21:18.070 --> 21:21.330]  And it's kind of a low value identifier.
[21:24.890 --> 21:32.990]  So, that's what we get with a classic NFC data transmission.
[21:36.690 --> 21:50.590]  The non-classic one, like this badge, has a method of defending against opportunistic data theft. So, what does that mean?
[21:50.990 --> 21:55.210]  So, if I don't have my things here.
[21:55.470 --> 21:56.390]  If I put this
[21:56.390 --> 22:06.810]  If I put this card on a table, which I do not control. It's not me that bought, owned, created, built the table.
[22:06.810 --> 22:11.390]  Then it can be that somebody else manipulated the table. Any table in the world,
[22:12.210 --> 22:20.730]  you can attach a transmitter and receiver to it, or transceiver, and it can be used to harvest data
[22:23.330 --> 22:24.530]  in a
[22:24.530 --> 22:32.850]  in a very bad manner. So, so what we're going to do is protect the data on here by simply requiring
[22:33.590 --> 22:42.590]  requiring that a human pushes on one of the three buttons before there is any possibility of data exchange.
[22:43.340 --> 22:46.150]  This isn't a perfect security feature
[22:47.270 --> 22:47.930]  because
[22:47.930 --> 22:48.450]  because,
[22:50.110 --> 22:59.140]  well, because nothing's perfect and simply because what's happening is that unless you push on one of these three buttons, the antenna,
[22:59.750 --> 23:02.350]  which maybe I can show.
[23:04.250 --> 23:07.190]  Here it is, the antenna on the back
[23:08.830 --> 23:10.410]  is not connected
[23:13.230 --> 23:17.330]  to the EEPROM data storage on the front.
[23:17.330 --> 23:24.150]  Okay, do you kind of understand that? That without pushing on this button, if you hear that click,
[23:24.150 --> 23:34.110]  without pushing on this button, if I release and do not push, then this antenna is not connected to any of the data
[23:35.390 --> 23:36.090]  storage
[23:37.470 --> 23:40.390]  ICs. And in this moment,
[23:40.390 --> 23:49.310]  the storage ICs, although they do have transceivers with absolutely no 13 megahertz antenna connected to them,
[23:49.310 --> 23:59.390]  it's not impossible, but it's likely close to impossible to easily harvest data off of there. Okay, so that's what I call
[24:00.730 --> 24:05.590]  defense of opportunistic data theft. You put this badge
[24:06.250 --> 24:15.810]  on most tables in the world in which there is an embedded attack surface and they're somewhat protected against them.
[24:16.310 --> 24:25.810]  Okay, it still doesn't mean you want to put your birth certificate and images and what are all of these very valuable private data on there. I do not recommend that.
[24:25.810 --> 24:39.670]  In some cases, these badges can replace or substitute for paper wallets. So if you're ever walking around with a paper wallet, you know very well, any camera in the room can gather, can harvest your secret key.
[24:39.670 --> 24:47.430]  Consider almost everything in the world that doesn't have a secure element to be less than perfect security.
[24:47.430 --> 25:01.490]  All right, so we got a bit off topic there. What I was trying to do is push on this and connect it to the phone. That's what I'm going to do right now. We saw an example with a plastic card.
[25:02.370 --> 25:06.750]  And now I will do it with a badge. So I'm going to push right now.
[25:08.250 --> 25:15.710]  All right, so we got some data off of the badge. This data belongs to me. So this does not qualify as theft.
[25:16.430 --> 25:22.910]  So what do we see here? There's just quite a lot of stuff. In fact, sometimes you can scroll.
[25:23.430 --> 25:29.130]  The first thing that you see, I pushed the star. That's what I did. I pushed this one.
[25:30.850 --> 25:46.930]  And the star is connected to an EEPROM, which is an ISO 15693 standard. This is an RFID that provides an NDEF, or what does NDEF stand for? It's an NFC data format.
[25:48.250 --> 25:55.670]  The manufacturer of the EEPROMs, you can see because it's very clearly ST Microelectronics in France.
[25:56.130 --> 26:10.630]  And then we have technologies available. One of them is NDEF. We have a serial number. Each of the EEPROMs, each of these EEPROMs on each individual badge, so we have very, very many of them, has an individual serial number.
[26:10.630 --> 26:24.970]  This is not something we decide. You can't buy a telephone or a computer or a badge or any electronic device where there are no serial numbers inside. It's simply
[26:26.650 --> 26:42.250]  a very common practice in industry that all of these, all of the devices expensive enough, the parts like integrated circuits to, or with a need to be unique, like memory EEPROMs and things, they have serial numbers. Okay.
[26:42.710 --> 26:49.250]  This can be useful as well. You can use this as a unique identifier, if you like.
[26:49.250 --> 27:07.550]  Alright, so some of the things here, we can use to understand like this size. That's how much data you can store on there. It's a very small one. There's just 50 bytes for this star. Just 50 bytes. This one is 50 bytes as well.
[27:08.210 --> 27:10.030]  And they're both ISO
[27:11.930 --> 27:14.850]  15693. The last one, the sun.
[27:14.850 --> 27:15.730]  This is a different
[27:16.750 --> 27:22.190]  IC. So why don't we, why don't we try the sun now, instead of me telling you about it.
[27:23.010 --> 27:26.030]  Let's put practice into...
[27:26.030 --> 27:30.730]  Wait a minute. Okay, so now I'm going to push on the sun. Ready for this?
[27:32.970 --> 27:36.270]  I have to line it up on the antenna.
[27:40.880 --> 27:42.300]  That is not working.
[27:44.740 --> 27:45.860]  There it is.
[27:46.620 --> 27:54.960]  So, now it's no longer showing an ISO 15693 standard, it's showing an ISO 14443.
[27:54.960 --> 28:07.480]  Okay, so it's not telling us what other manufacturers and service providers call their products.
[28:07.480 --> 28:10.040]  But if we go back now.
[28:10.040 --> 28:19.400]  Another thing to notice, please take a look here the size is much larger it's eight kilobytes now. So that's a really big one. Okay, that's really big.
[28:19.400 --> 28:22.080]  I think that's the largest size I know of.
[28:22.200 --> 28:29.980]  If we go back here to this, to this fabrication laboratory key.
[28:29.980 --> 28:36.340]  Let's take a look at it and see if it's this is a 14443 as well.
[28:36.760 --> 28:46.320]  Okay, and here they even labeled it MIFARE, which some of you may have heard of, it's a technology brand style word.
[28:46.880 --> 28:52.920]  Like I think the clam cards which are used on the London Metro subway.
[28:52.920 --> 29:01.220]  I mean they all have their names, clam card and so on. I'm not sure if MIFARE is always 14443.
[29:01.460 --> 29:07.900]  In any case, what this is really just delivering is the serial number.
[29:08.680 --> 29:20.300]  And this is what I use to operate the laser cutter. Okay, so if you were to, I mean, I'll tell you the truth, you can clone this serial number onto your own card.
[29:20.300 --> 29:30.480]  And then travel all the way to wherever this machine is that has this reader, whether it's Japan, Greenland, Brazil, or wherever they decide to ship this device.
[29:30.480 --> 29:36.780]  And then you will be able to use this device and impersonate me if you're willing to break the law. Okay, so don't do that.
[29:37.020 --> 29:42.540]  This is my card, but I'm not so worried because it's very low value identifier.
[29:43.240 --> 29:49.200]  Alright, so what have we learned so far? These devices.
[29:50.060 --> 29:55.540]  These badges work very well with, everybody say it at once,
[29:56.320 --> 29:59.440]  NFC tools. You can't see it because it's not focused.
[29:59.740 --> 30:04.980]  So once you start NFC tools you can start using your badge, that's kind of what we're trying to get at.
[30:05.600 --> 30:08.740]  Flip the phone over, put the badge on top.
[30:09.580 --> 30:17.220]  The first two buttons are much easier to get a read on. So I'm going to do it this way now and try to listen.
[30:22.690 --> 30:27.530]  Did you hear that? And then I turn the phone over to show you, and it's got the data on there.
[30:28.250 --> 30:30.370]  All right, let me do it again with the middle one.
[30:34.010 --> 30:39.970]  So you probably heard that, and then we have a different standard. I'm sorry, no, it's still the 15693.
[30:40.990 --> 30:54.330]  Turn it over again for the sun. This one I recommend that you twist it around, it's much more difficult. This is a short range tag. These are both long range. This one's short range. So let's see.
[30:58.820 --> 31:01.980]  Okay, I got it just simply because I'm doing this all the time.
[31:03.560 --> 31:16.760]  But it's going to be really difficult. And if your antenna, if the antenna in the phone, in your phone, is not very high up here, but it's lower down there, then you're going to need to put the badge in a different part of the phone.
[31:16.760 --> 31:23.520]  You understand that? I mean, there is tablets, there are different devices that have NFC inside.
[31:23.520 --> 31:41.120]  So getting started with any of these computing devices, I've even seen laptops with NFC circuits and antennas. You can try them, it's kind of more common to use a phone. Almost every phone that's been manufactured in the last two or three years has an NFC circuit inside.
[31:41.300 --> 31:49.800]  I can kind of imagine that there's phones that are made for children or something, or the absolute cheapest ones that don't have them.
[31:50.900 --> 31:55.680]  But you're going to, you're going to have a phone probably that has NFC on there.
[31:56.180 --> 32:00.040]  All right, so let's,
[32:02.480 --> 32:09.660]  let's think about what to do next. We haven't talked about the technology, but it's not, we need a microscope for that.
[32:09.960 --> 32:12.100]  So it's not going to be possible.
[32:14.140 --> 32:18.800]  One of the things we could talk about.
[32:21.810 --> 32:22.550]  Yeah.
[32:24.150 --> 32:26.610]  I have a couple.
[32:27.510 --> 32:30.010]  Okay, that could be a question now.
[32:30.450 --> 32:33.110]  The stream is very choppy I hear.
[32:34.070 --> 32:36.670]  Why is it choppy we were?
[32:38.270 --> 32:40.650]  Strange. Okay.
[32:41.530 --> 32:43.470]  Thanks for telling me.
[32:47.560 --> 32:57.820]  So, okay, so let's go back to the website. All right, let's, let's figure out what we have covered here.
[32:59.830 --> 33:03.650]  So we got started on the...
[33:03.650 --> 33:08.570]  There you can read that better. We got started on the website, which is
[33:09.710 --> 33:16.170]  what is easy to find. It's on all of the packaging, it's the QR codes.
[33:16.470 --> 33:19.250]  It's hopefully the go to place.
[33:19.710 --> 33:20.630]  Right.
[33:21.750 --> 33:26.210]  You find that you have some short information.
[33:27.290 --> 33:30.510]  The green tells you how to get to NFC tools.
[33:30.510 --> 33:33.250]  You need to install that it's an application.
[33:34.050 --> 33:50.090]  And eventually we will have things here, guiding you to adjust your phone's browser in order to make it capable and compatible with the badge using NFC.
[33:50.090 --> 33:54.450]  You can kind of read the text is finished, so it's clear enough.
[33:54.450 --> 33:56.990]  It says there,
[33:59.070 --> 34:07.210]  platform features, you need to enable the NFC platform features. I'll actually do that now, because it may not be so clear.
[34:07.270 --> 34:18.650]  But in order to use a web browser like this one, when we're going to type URLs in here and try to interact with one of these badges from a web browser.
[34:19.010 --> 34:23.150]  That's what we're going to need to do this thing in the blue.
[34:23.150 --> 34:29.110]  All right, we're going to need to copy this text.
[34:32.270 --> 34:35.390]  Then we're going to put that up here.
[34:35.970 --> 34:37.050]  All right.
[34:41.260 --> 34:43.280]  Let's paste that, shall we?
[34:43.540 --> 34:47.640]  I'm doing this slowly because Reware said everything's choppy here.
[34:47.980 --> 34:49.420]  So I'm going to paste.
[34:50.440 --> 34:52.140]  That didn't work.
[34:54.460 --> 34:56.980]  So, that worked this time.
[35:01.770 --> 35:06.750]  All right, so what do we see here? This is where everything turns red, you get warnings.
[35:08.090 --> 35:16.770]  Experimental web features is what I have enabled there. That's why it's the very first one, it's at the top. You will probably have to scroll down.
[35:16.770 --> 35:24.810]  Okay, there's all kinds of things here, you can enable, disable, there's web RTC multichannel, you get the idea.
[35:24.810 --> 35:31.110]  But if you do not have this experimental web platform features enabled.
[35:31.510 --> 35:40.670]  That just means that you will be limited to using an application like NFC Tools.
[35:40.690 --> 35:43.830]  You can use NFC Tools, whenever
[35:43.830 --> 35:53.230]  whenever your NFC circuit is turned on. That's when you can use NFC Tools.
[35:54.310 --> 36:07.090]  All right, but if you want to use a web browser to access your badge. That's when you need to go to the Chrome double colon flags.
[36:07.090 --> 36:17.530]  And that's when you need I apologize for this actually it's very uncomfortable, right, this is what most people don't like to do is adjust and configure their phones.
[36:18.090 --> 36:22.130]  There is a long story to this, I will tell you the short version.
[36:23.510 --> 36:47.450]  Some manufacturers like Google lock down certain features, they force you to enable them. We were able to until the 29th of July, we had a special key from the, what was it the Google Chrome department that issued us a key as developers.
[36:48.350 --> 36:55.350]  And on the 29th that key expired. So this is what we have to do since the 29th.
[36:55.730 --> 37:01.410]  Is this still very choppy, Rerar? You want to tell me if it's improved or not.
[37:03.850 --> 37:07.970]  In any case, this is documented in many places.
[37:08.530 --> 37:12.770]  Like we saw before, documented here.
[37:13.410 --> 37:26.670]  And we even put a URL here, I believe. If you click on that, it goes to a kind of an explanation about what this is all about, experimental APIs, if you want to read this.
[37:26.670 --> 37:43.670]  This is kind of for hackers. So if you're not comfortable adjusting and configuring your phone, then you can still use your badge by either waiting for the Chrome origin program for developers to kick in again, because I assume after the 29th it finished
[37:43.670 --> 37:45.990]  then we will get another key someday.
[37:46.790 --> 37:53.970]  You can either wait for that or you can use NFC Tools, which works out of the box, immediately.
[37:53.970 --> 37:56.130]  Right.
[37:56.510 --> 38:00.970]  So, those are the options.
[38:00.970 --> 38:08.110]  And I'll just emphasize once again that our website up here.
[38:08.110 --> 38:10.130]  The Bob website.
[38:10.130 --> 38:14.110]  This will be a method for you to onboard your device.
[38:14.960 --> 38:32.910]  According to your personal preferences, whether you like the biohacking village more than the red team or the red team more than Monero or maybe you want a combination, which will be possible as well to combine the different village profiles.
[38:33.710 --> 38:35.650]  All right, so...
[38:36.570 --> 38:42.950]  See what Rerar says. It will be choppy unless you turn down the quality. All right.
[38:44.190 --> 38:51.850]  Do I really want to do that? Re-adjust and configure OBS mid-speech?
[38:52.410 --> 38:54.330]  Oh, God.
[38:55.330 --> 38:57.690]  I don't think so.
[38:59.970 --> 39:02.790]  But we've got 10 more minutes.
[39:05.380 --> 39:13.020]  Okay. Okay. Okay, Justin, I'm going to try this, but I will definitely blame you if this goes badly.
[39:14.740 --> 39:20.240]  Okay, so let me see if I can do this quickly. There's I've got the video already there.
[39:20.440 --> 39:26.600]  Okay, Justin, new problem. I mean, I can't adjust anything while I'm streaming.
[39:26.600 --> 39:34.480]  Right, so I'm not going to do it because turning streaming off and then to get it back on again is going to be three minutes of dead air.
[39:34.720 --> 39:40.780]  I think you agree that would be a bad idea. So, can't change any settings on OBS while you're streaming.
[39:41.760 --> 39:46.400]  I will have to change it for tomorrow. Hopefully tomorrow will be less choppy.
[39:46.720 --> 39:47.540]  All right.
[39:48.940 --> 39:56.840]  So in, in sense, in a sense, that was the getting started speech.
[39:57.520 --> 40:00.620]  We covered the first of the two URLs.
[40:00.860 --> 40:07.680]  And the second, you can hear just read that I mean you can you can go to the second on your own.
[40:08.140 --> 40:11.920]  It would make no sense to try that now because I'm not an expert.
[40:13.380 --> 40:15.740]  It's actually kind of hard to read.
[40:16.260 --> 40:17.520]  Foursuit's game.
[40:18.380 --> 40:35.040]  So, yeah, if you're feeling creative and you're interested in, in knowing what else the badge can do and how the rogues village is using it, then either wait until Sunday when they explain it in a presentation, or just go to the URL right now, download the manual,
[40:35.040 --> 40:40.020]  free of charge, go to the go there, you know, pretend like you have a badge in your hand if you don't have one.
[40:40.600 --> 40:46.540]  And that's how you can research and hack a hack around a bit, because after all this is DEF CON.
[40:47.220 --> 40:52.480]  Isn't that a nice manual, one of the best illustrators and graphic artists in the world made that for us.
[40:52.880 --> 40:57.260]  And he even, she or he even wrote, "Thanks for hacking."
[41:00.530 --> 41:05.890]  Right. Okay, so this was meant to be a very slow and gentle introduction.
[41:05.890 --> 41:10.250]  And it was the getting started with the village badge.
[41:11.450 --> 41:23.650]  Tomorrow we will do some impersonation some attacks on our own devices, things like identity cards and two factor authentication devices.
[41:23.790 --> 41:32.690]  Yeah, there is 10 more minutes. So, if the, if the video was not too choppy.
[41:32.690 --> 41:35.590]  That you couldn't understand anything.
[41:36.330 --> 41:40.770]  Then it's now time to ask your question.
[41:40.770 --> 41:50.810]  You can ask questions on the traditional, the official DEF CON channels. Those are all on Discord.
[41:50.870 --> 41:58.090]  Just like you cannot participate in a normal DEF CON year by going to
[41:59.970 --> 42:09.350]  Canada. You also can't fully participate on a virtual DEF CON year without going to Discord. All right.
[42:09.610 --> 42:19.750]  You can kind of watch these videos on Twitch and YouTube, but really participating, you want to check out those channels on Discord. Okay, so maybe there's questions there now.
[42:19.750 --> 42:21.610]  Let me just take a look.
[42:23.470 --> 42:26.970]  I don't see any.
[42:27.490 --> 42:30.030]  On the right channel.
[42:32.770 --> 42:35.970]  Don't see any questions.
[42:36.590 --> 42:48.330]  So, I'm going to assume that that we are done. But before I check out for the day.
[42:48.330 --> 42:52.850]  Going to explain something in case you do have questions later.
[42:54.210 --> 42:56.890]  So if you have questions later.
[42:57.430 --> 42:59.770]  About these nifty devices.
[43:00.390 --> 43:02.930]  Then we have a help desk.
[43:02.970 --> 43:05.250]  Has nothing to do with DEF CON.
[43:08.180 --> 43:26.240]  We have a help desk. It's a Monero devices help desk, so it's not manned by staffed employees, right, we're all just volunteers, and it's kind of a community, anyone can join, and everyone is encouraged to provide as many questions with many answers as questions.
[43:26.240 --> 43:29.300]  Right. Here's a help desk location.
[43:29.880 --> 43:32.260]  I'm not even going to write the HTTP.
[43:43.870 --> 43:47.730]  It's com, it's not org. Okay, just try to remember that.
[43:47.850 --> 43:51.690]  So you can get it, you can launch questions there.
[43:56.210 --> 43:58.750]  What else do we have. There's another.
[43:59.910 --> 44:01.510]  There's this as well.
[44:01.510 --> 44:05.010]  Since we finished early I'll just run through a few
[44:07.090 --> 44:13.630]  reused slides. All right, so you want to get a badge, you can find them. There's three places in fact.
[44:13.830 --> 44:16.030]  There's three places. So maybe
[44:17.590 --> 44:19.910]  with all the extra time we have.
[44:20.230 --> 44:23.990]  I maybe failed to mention that if you look there.
[44:25.490 --> 44:27.910]  You go to the menu see how that works.
[44:29.190 --> 44:33.210]  On the, on the badge on the, on the Bob site.
[44:34.530 --> 44:36.330]  So go to the menu.
[44:36.590 --> 44:40.530]  You've got your shops there. Most of this is working properly.
[44:40.870 --> 44:45.970]  So let's imagine you'd really like to have have one of these badges you want. You want a full featured.
[44:46.630 --> 44:48.650]  You want a full featured.
[44:48.770 --> 44:55.330]  One of the best of the best badges, you go to Cypher Market or Hak5.
[44:56.210 --> 44:58.490]  Let's see which one should I choose.
[44:58.490 --> 45:00.490]  I'm sorry, Hak5, I haven't even.
[45:01.810 --> 45:06.270]  See if that works. Yeah. Okay, so that's, that's how that works.
[45:06.350 --> 45:10.630]  Here is Cypher Market.
[45:14.550 --> 45:16.430]  Hello. Okay.
[45:16.670 --> 45:19.430]  See how that works. So Cypher Market has more colors.
[45:19.470 --> 45:25.950]  And if you prefer a, if you prefer a do it yourself model.
[45:25.950 --> 45:32.710]  Then unfortunately, I couldn't convince the others to list all these different models.
[45:32.850 --> 45:42.590]  So, couldn't get that done. So the only place where you can get a do it yourself model, that's going to be here on the factory shop.
[45:42.950 --> 45:47.150]  All right, so those are kind of your rundown of your choices.
[45:47.630 --> 45:51.030]  The other thing is that this thing here.
[45:51.030 --> 45:59.150]  This stands for source code management. So this is where all of our open source archives repositories are.
[45:59.750 --> 46:01.730]  That's very useful as well.
[46:01.930 --> 46:09.150]  All right, so we're finishing five minutes early which is refreshing. We usually go over time.
[46:09.150 --> 46:19.270]  This drives AJ and SGP and all of the administrators, drives them crazy. This time we're finishing early.
[46:19.710 --> 46:20.990]  One more.
[46:22.230 --> 46:30.670]  One more look at the Discord channel, and there's nothing there, which means that we just finished
[46:33.830 --> 46:41.830]  the getting started with this year's village badge, intervillage badge.
[46:41.830 --> 46:55.390]  Okay, don't forget that if you're interested, and you have time tomorrow, Saturday, that we have what, not two but only one badge clinic, during which we can talk about some more advanced things
[46:56.970 --> 47:01.830]  like impersonation, things like that, backing up your data.
[47:02.750 --> 47:15.730]  And then Sunday we have the same thing. Sunday we'll talk about the game, the rogues village game as well, but that's not on the Monero village. That presentation is happening on the rogues village.
[47:15.890 --> 47:17.310]  Big surprise.
[47:18.230 --> 47:36.130]  All right, that's all for today folks and I think we're, you're in luck if you're still watching because if you're not bored to death, because there is still a very important very intriguing speech coming up I'm sure the moderator will tell you but I think Rerar
[47:36.130 --> 47:41.210]  in fact the famous Rerar is going to give a speech now is that right, or did I get that wrong.
[47:41.850 --> 47:44.170]  Let me just check quickly.
[47:52.670 --> 47:56.790]  I know that he's closing the village on Sunday.
[48:01.190 --> 48:03.270]  And for today.
[48:04.270 --> 48:09.050]  In fact, Rerar is speaking next, and it should be a good one.
